package fly;

import com.sun.jmx.snmp.internal.SnmpSubSystem;
import com.sun.xml.internal.bind.v2.TODO;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.access.prepost.PreFilter;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.util.List;

@SpringBootApplication
@RestController
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SpApp {
    public static void main(String[] args) {
        SpringApplication.run(SpApp.class, args);
    }

    @GetMapping("/")
    public String home() {
        return "home...";
    }

    //org.springframework.security.access.vote.RoleVoter 定义的前缀ROLE_
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @GetMapping("/hello")
    public String hello() {
        return "hello";
    }

    // 当前用户 等于 username id>10
    // 返回值为20
    @PreAuthorize("#id > 10 and principal.username.equals(#username)")
    @GetMapping("/test")
    @PostAuthorize("returnObject=='20'")
    public String test(Integer id, String username) {
        System.out.println(id+username+"");
        return id.toString();
    }

    // TODO 未实现
    @PreFilter("filterObject%2==0")
    @PostFilter("filterObject%4==0")
    @RequestMapping("/test1")
    public List<Integer> test1(List<Integer> idlist){
        return idlist;
    }
}
